Security audit

三笙思考系统

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed ecommerce advisory skill with optional user-configured Notion case lookup and no evidence of hidden execution, exfiltration, or destructive behavior.

Install this if you want a conversational ecommerce strategy assistant. Before connecting Notion, make sure it only has access to the knowledge base you intend to use, and review any suggested saved notes before approving them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill explicitly states that 'any ecommerce-related question' can be brought to it, which creates an overly broad activation scope. Broad triggers can cause the skill to activate in contexts where a more specific tool or safer workflow should be used, increasing the chance of misrouting, unintended data collection, or inappropriate use of the Notion-connected knowledge workflow.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal